Latest news with #MicrosoftDefenderResearch

Project Ire: Know about Microsoft's AI agent to detect malicious software

Business Standard

2 days ago

Microsoft's Project Ire is an AI-powered agent that can reverse engineer unknown software, analyse its behaviour, and autonomously classify it as malicious or benign - without human intervention

New Delhi

Microsoft has unveiled a prototype AI agent called Project Ire that can autonomously reverse-engineer software and identify cybersecurity threats like malware, without any human input. The company shared details of this research project in a recent blog post, calling it a step forward in using AI to analyse and classify software more efficiently.

What is Microsoft's Project Ire?

Project Ire is a prototype developed by researchers from Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum. It's designed to act like a digital analyst that can inspect unknown software, understand how it works, and determine if it's harmful or not. The system is built on the same underlying framework as Microsoft's earlier Discovery platform. It uses large language models (LLMs) and a set of advanced tools that specialise in reverse engineering, the process of taking apart a software program to figure out what it does.

How does it work?

Microsoft said that its Defender products currently scan over a billion devices every month for threats. But when software looks suspicious, it often requires a security expert to investigate. That process is slow, difficult, and prone to burnout, especially since it involves combing through countless alerts and making judgment calls without clear right answers. That's where Project Ire comes in.

Unlike many other AI systems used in cybersecurity, this one is not just reacting to known threats. It's making informed decisions based on complex signals, even when there's no obvious answer. For instance, some programmes might include reverse engineering protection not because they're malicious, but simply to guard their intellectual property. Project Ire attempts to solve this by working like a smart agent.

It starts by scanning a file using automated tools that identify its type, structure, and anything unusual. Then it reconstructs how the software works internally, mapping out its functions and flow using tools like Ghidra and angr. From there, the AI model digs deeper. It calls on a variety of tools through an application programming interface (API) to inspect specific parts of the code, summarise key functions, and build a detailed 'chain of evidence' that explains every step it took to reach a conclusion. At the end of the process, the system generates a final report and classifies the file as either benign or malicious. It can even cross-check its findings against expert-validated data to reduce errors.

How will Microsoft use Project Ire?

In tests using real-world malware data from Microsoft Defender, Project Ire was able to correctly identify many malicious files while keeping false alarms to a minimum — just four per cent false positives, according to Microsoft. Thanks to this strong performance, Microsoft says it will begin integrating the technology into its Defender platform under the name 'Binary Analyzer.' The goal is to scale the system to work quickly and accurately across all types of software, even those it's never seen before. Ultimately, Microsoft wants Project Ire to become capable of detecting brand-new malware directly from memory, at a large scale.

Microsoft's AI Agent 'Project Ire' Can Independently Detect and Block Malware with High Accuracy

Hans India

3 days ago

In a significant leap toward AI-driven cybersecurity, Microsoft has introduced Project Ire, a powerful artificial intelligence agent capable of independently detecting and blocking malware. Designed to function with minimal human oversight, the tool leverages advanced reverse engineering techniques to inspect software, assess its intent, and determine its threat level—all without relying on prior knowledge of the codebase.

The innovation comes at a time when security teams are grappling with alert fatigue and the overwhelming volume of threats. 'This kind of work has traditionally been done manually by expert analysts, which can be slow and exhausting,' Microsoft stated in its official blog post. By removing much of the manual load, Project Ire promises both speed and scalability in enterprise threat detection.

Unlike conventional AI security tools that often struggle with ambiguity in malware traits, Project Ire approaches the challenge with a unique methodology. Microsoft has equipped the agent with the ability to build a detailed 'chain of evidence'—a step-by-step record of its decision-making process. This audit trail allows cybersecurity professionals to verify conclusions, enhancing both transparency and trust in automated systems.

The agent starts by identifying the file's type and structure, followed by reconstructing its control flow using decompiling tools like Ghidra and symbolic execution frameworks such as angr. It integrates various analytical tools via API to summarize the function of each code block, gradually building its chain of logic that supports the final verdict.

In terms of performance, the results are compelling. During internal testing, Project Ire was tasked with analyzing a set of Windows drivers containing both safe and malicious files. The AI accurately classified 90% of them, with a precision score of 0.98 and a recall of 0.83. Only 2% of safe files were mistakenly flagged—a relatively low false positive rate in the cybersecurity domain.

Microsoft then challenged the AI with a tougher dataset of nearly 4,000 complex and previously unreviewed software files, typically reserved for manual inspection. Even in this scenario, Project Ire demonstrated remarkable efficiency, maintaining a precision score of 0.89 and limiting false positives to just 4%.

A standout achievement occurred when Project Ire became the first reverse engineer—human or AI—within Microsoft to compile sufficient evidence to warrant the autonomous blocking of an advanced persistent threat (APT) malware sample. That malware has since been neutralized by Microsoft Defender.

The project is a collaborative effort involving Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum. As cyber threats become more sophisticated and persistent, tools like Project Ire are expected to become essential components of modern digital defense frameworks, offering faster, more consistent, and less labor-intensive threat mitigation. With Project Ire, Microsoft is not just enhancing its security toolkit—it's redefining what AI can accomplish in the world of malware defense.

Microsoft says its new AI Agent can spot and block malware on its own

India Today

3 days ago

Microsoft has unveiled a new artificial intelligence system that can independently detect and block malware, without any human assistance. Called Project Ire, this prototype agent is designed to reverse-engineer software files and determine whether they are safe or harmful, marking a major step forward in cybersecurity.

According to Microsoft's blog post, Project Ire can fully analyse a software file even if it has no prior information about the file's source or purpose. It uses decompilers and other advanced tools to scan the code, understand its behaviour, and decide whether it poses a risk. The tool is the result of a joint effort between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum.

'This kind of work has traditionally been done manually by expert analysts, which can be slow and exhausting,' Microsoft explained. Security researchers often suffer from alert fatigue and burnout, making it hard to maintain consistency across large-scale malware Ire stands out from other AI security tools because malware classification is particularly difficult to automate. There is no clear-cut way for a machine to verify its decisions, and many traits of malicious software can also appear in legitimate programs. This makes it hard to train a system that is both accurate and reliable.

To tackle this, Microsoft equipped Project Ire with a system that builds what it calls a 'chain of evidence', a step-by-step trace showing how the agent reached its conclusion. This audit trail allows human experts to later verify its findings and improves accountability in case of Ire's analysis begins with triaging the file type and structure, then reconstructing its control flow using tools like Ghidra and angr. It can then call different tools through an API to summarise each code function, adding the results to its evidence tested the agent in two key evaluations. In one trial, it analysed a dataset of Windows drivers, some malicious, others safe. The AI correctly identified 90 per cent of the files, with only 2 per cent of the safe files wrongly flagged as threats. This gave Project Ire a precision score of 0.98 and a recall of 0.83.

In a tougher real-world test, Microsoft gave the AI nearly 4,000 complex files that had not yet been reviewed by any other automated systems. These files were meant for manual inspection by experts. Even under these conditions, Project Ire achieved a high precision score of 0.89, with a false positive rate of just 4 per cent.

In fact, Project Ire was the first reverse engineer, human or machine, at Microsoft to produce a malware detection case strong enough to justify automatic blocking of an advanced persistent threat (APT) sample. That malware has now been neutralised by Microsoft Defender.